Lucene search
K

144 matches found

OSV
OSV
added 2026/06/18 3:3 p.m.6 views

GHSA-M54H-VHF9-3W3M BBOT: Arbitrary File Write in postman_download Module

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS5.5AI score0.00251EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 3:3 p.m.10 views

EUVD-2026-37818

BBOT: Arbitrary File Write in postmandownload Module...

6.5CVSS5.2AI score0.00251EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 11:17 p.m.2 views

CVE-2026-12568

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS6AI score
Exploits0References1
NVD
NVD
added 2026/06/17 11:17 p.m.11 views

CVE-2026-12568

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:53 p.m.22 views

CVE-2026-12568 Arbitrary File Write in postman_download module

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:53 p.m.26 views

CVE-2026-12568

The CVE-2026-12568 entry affects the postman_download module. The root cause is unsanitized use of the workspace name field from the Postman API to build the local output directory path; if the workspace name contains path traversal characters, pathlib resolves outside the intended directory, ena...

6.5CVSS5.4AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50563

Name of the Vulnerable Software and Affected Versions Postman Download Module affected versions not specified Description The postman download module fails to sanitize the workspace name field retrieved from the Postman API when constructing local directory paths. A malicious workspace name...

6.5CVSS5.3AI score0.00251EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/19 5:43 p.m.9 views

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-33228 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-33228 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15700434...

9.8CVSS6AI score0.00808EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 8:41 p.m.9 views

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-32141 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-32141 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15518042...

7.5CVSS7.1AI score0.00777EPSS
Exploits1
NVD
NVD
added 2026/02/27 10:16 p.m.11 views

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS0.00514EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.10 views

CVE-2017-18603

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postmanemaillog page parameter...

6.1CVSS6AI score0.01011EPSS
Exploits1References1
CVE
CVE
added 2025/12/26 2:2 a.m.20 views

CVE-2025-15095

CVE-2025-15095 affects postmanlabs httpbin up to 0.6.1. The flaw is in httpbin-master/httpbin/core.py, enabling cross-site scripting via manipulated input. Exploitation is remote and publicly disclosed. Multiple sources confirm the vulnerability, but remediation notes vary and, in at least one en...

5.1CVSS5.2AI score0.00253EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.5 views

httpbin 代码注入漏洞

httpbin is an open source HTTP request and response service from Postman Inc. A code injection vulnerability exists in httpbin version 0.6.1 and earlier, which stems from a flaw in the file httpbin-master/httpbin/core.py and could lead to a cross-site scripting attack...

5.1CVSS4.7AI score0.00253EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.6 views

Malicious code in @postman/secret-scanner-wasm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1604689ef91985fbc1fe9f8958eb7a50835e71b7cfa4125de687ca37c2d19 The package @postman/secret-scanner-wasm was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References9
EUVD
EUVD
added 2025/11/24 4:31 p.m.4 views

EUVD-2025-198920

Malicious code in @postman/pm-bin-macos-x64 npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/24 4:31 p.m.3 views

MAL-2025-190903 Malicious code in @postman/pm-bin-linux-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94045a09bfa0905195be4f028d9e42bcf608154a645b14b2028754dc6e787b80 The package @postman/pm-bin-linux-x64 was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
OSV
OSV
added 2025/11/24 4:31 p.m.3 views

MAL-2025-190902 Malicious code in @postman/mcp-ui-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63316f530f87ac69078cc5b93dfdbc1a58d62f1f37a663f8bf40cb5489f4defc The package @postman/mcp-ui-client was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.6 views

Malicious code in @postman/postman-collection-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64948ce72be9099e788f3fd4ab6f5a1a67d0012429ae4e198bc7baa85a5197dd The package @postman/postman-collection-fork was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.6 views

Malicious code in @postman/pm-bin-windows-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02ae17f856e11e19fc956689bbc3e88c8de0052e0ea1017d2048d92f20bfa91b The package @postman/pm-bin-windows-x64 was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/11/24 4:31 p.m.4 views

MAL-2025-190911 Malicious code in @postman/secret-scanner-wasm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1604689ef91985fbc1fe9f8958eb7a50835e71b7cfa4125de687ca37c2d19 The package @postman/secret-scanner-wasm was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References9
Rows per page
Query Builder